November, 2009

Nov 19 2009   6:15PM GMT

I didn’t learn information technology from TV crime dramas

Posted by: Troy Tate
information technology, irc, internet relay chat, technology education, misinformation, education, hacker, leetspeak, chat, covert channel, communication

I recently blogged about an online Nmap training video and referenced some movies that featured the Nmap application. It’s not just movies that feature information technology. Television features it’s share of information technology also. However, like anything you see on TV or in the movies, you have to consider accuracy of the information source. TV shows are not meant to be educational unless marketed as such, even then sources should be verified and established as credible. A recent Numb3ers show featured a segment about IRC or internet relay chat. According to the video below from YouTube, that is about all that was accurate about this information technology reference.

What references to information technology have you seen that may hurt or hinder IT professionals?

Thanks for reading & let’s continue to be good network citizens.

Nov 19 2009   3:21PM GMT

Online Nmap video training - scan your network

Posted by: Troy Tate
nmap, scanning, penetration testing, vulnerability scanning, host identification, blackhat, whitehat, hacker, network testing, education, network analysis, training, online training, free training, training resources

Nmap has been around a long time. It has become an indispensable tool for identifying systems, services and vulnerabilities on a network. It has also been featured in movies like The Matrix Reloaded, Bourne Ultimatum and Die Hard 4. What other network tool do you have in your toolkit that is a movie star?

I came across a great training resource for Nmap. It is a video by the author of Nmap, Gordon “Fyodor” Lyon. This particular video is from Defcon 16 Black Hat Briefings 2008. It is a great video because you learn some tips and tricks from the Nmap master. Take some time and learn about scan timing settings in Nmap that can get you results much faster. Learn also about analyzing responses of firewalled hosts versus non-firewalled hosts. The tips I learned in this video made a big difference in getting my job done.

The CosmoLearning website has a lot of excellent computer science content. This is a website to bookmark if you are a computer professional or student. You will find something of interest whether it be artificial intelligence, computer graphics, programming theory, or robotics.

Thanks for reading & let’s continue to be good network citizens!

Nov 19 2009   1:59PM GMT

What technology would Shakespeare use?

Posted by: Troy Tate
robots, technology, playwright, Shakespeare, investigation, forensics

In that realm of odd and unusual news stories, a recent story on Wired tells about a Texas A&M production of Shakespeare’s A Midsummer Night’s Dream using robot flying fairies alongside the rest of the carbon based cast. So, it seems like the classics are just that, the themes and stories also work well in today’s world. Isn’t that the definition of a classic, that it speaks to us today as effectively as it did to others in the past?

This story just made me wonder what technologies of today Shakespeare would have used in his plays.

In Hamlet, would Shakespeare have used the techniques and tools that the Ghost Hunters on Syfy use for detecting the ghost of Hamlet’s father?

In Macbeth, would the three witches have met using Cisco’s Telepresence?

Would CSI have been called in to investigate all of the deaths of King Lear’s daughters?

What technology elements or themes do you think Shakespeare would have used if he had available then what is available today?

Thanks for reading & let’s continue to be good network citizens!

Nov 11 2009   6:31PM GMT

Free online IT education resource

Posted by: Troy Tate
tutorial, IT education, technology education, information technology reference, information technology tutorial, certification, programming, sql, Database, Microsoft education, Microsoft, Macromedia, Adobe, Networking, network technology education, MAC OS, Linux, XML

I recently came across an excellent IT education resource that is free. It is the eTutorials.org website. According to the website it is a source of  thousands online tutorials, useful tips, articles, and researched recommendations.

Some of the content on eTutorials includes topics like:

Adobe:

• Adobe Illustrator CS
• Adobe Photoshop 7. How to
• Adobe Premiere 6.5. Teach yourself in 24 hours
• Adobe Indesign CS2. Professional Typography

Networking:

• Lan switching fundamentals
• Router firewall security
• Wireless lan security
• Integrated cisco and unix network architectures
• Lan switching first-step
• Mpls VPN security
• Beginner’s guide to wi-fi wireless networking
• 802.11 security. wi-fi protected access and 802.11i
• Wimax Technology for broadband wireless access
• Wireless community networks
• Network security assessment
• Network security hacks
• Network Management
• Wireless networks first-step
• LAN switching first-step

Certification:

• A programmer’s guide to java certification
• CCNP BSCI Official Exam Certification Guide
• Sun certified solaris 9.0 system and network administrator all-in-one exam guide
• Advanced DBA Certification Guide and Reference

Other technology sections include:

• Macromedia
• Programming
• SQL
• Server Administration
• Microsoft Products
• Mac OS
• Linux systems
• Mobile devices
• XML
• Misc

An example of the table of contents in the CCNP BSCI Official Exam Certification Guide tutorial includes the following sections:

CCNP BSCI Official Exam Certification Guide, Fourth Edition - Graphically Rich Book
Each chapter includes:
“Do I Know This Already?” Quiz
Foundation Topics
Foundation Summary
Q&A

Introduction
Part I: Introduction to Scalable Networks
Chapter 1. Network Design
Chapter 2. IP Address Planning and Summarization

Part II: EIGRP
Chapter 3. EIGRP Principles
Chapter 4. Scalable EIGRP

Part III: OSPF
Chapter 5. Understanding Simple Single-Area OSPF
Chapter 6. OSPF Network Topologies
Chapter 7. Using OSPF Across Multiple Areas
Chapter 8. OSPF Advanced Topics

Part IV: IS-IS
Chapter 9. Fundamentals of the Integrated IS-IS Protocol
Chapter 10. Configuring Integrated IS-IS

Part V: Cisco IOS Routing Features
Chapter 11. Implementing Redistribution and Controlling Routing Updates
Chapter 12. Controlling Redistribution with Route Maps
Chapter 13. Dynamic Host Control Protocol

Part VI: BGP
Chapter 14. BGP Concepts
Chapter 15. BGP Neighbors
Chapter 16. Controlling BGP Route Selection

Part VII: Multicasting
Chapter 17. What Is Multicasting?
Chapter 18. IGMP
Chapter 19. Configuring Multicast

Part VIII: IPv6
Chapter 20. Introduction to IPv6 and IPv6 Addressing
Chapter 21. IPv6 Routing Protocols, Configuration, and Transitioning from IPv4

Appendix A. Answers to Chapter “Do I Know This Already?” Quizzes and Q&A Sections

There is a LOT of tutorial content on this website! I would highly recommend using this resource for reference materials and increasing your knowledge in the technology topics offered.

Thanks for reading and please share with other IT Trenches readers what online tutorial resources you use for reference or education.

Nov 5 2009   4:50PM GMT

Do you use TLS or client certificates for authentication? Beware of new MITM vulnerability

Posted by: Troy Tate
tls, SSL, certificates, web services, authentication, IIS, apache, vulnerability, information security, risk, risk management

As Michael Morisy of ITKE recently posted, New SSL security hole allows man-in-the-middle attacks, a new SSL vulnerability has been announced. What you need to know about this vulnerability is that it most affects TLS (transport layer security) sessions using client authentication certificates. This is a vulnerability at the protocol level which makes it very difficult to fix where a recent previous SSL vulnerability had to do with certificate formats and content.

For specific details from the original researchers, visit the ExtendedSubset.com website. The summary of the announcement is shown below:

 Renegotiating_TLS.pdf

Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf

Packet captures: renegotiating_tls_20091104_pub.zip

This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues on this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading and let’s continue to be good network citizens.